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REMARKS 

The present application is a continuation of application No. 09/525,506, now U.S. Patent 
6,339,830, which is a continuation of application No. 874,754, now U.S. Patent 6,070,243. 

By this amendment, applicants have canceled claims 44-58, 64, 66, 71-110 and 113-127 
without prejudice and have added new claims 128-160 for prosecution in the present application. 
Accordingly, claims 128-160 are presently pending. 

Pending claims 128, 135, 142, 151 and 152 are independent. One aspect of the invention 
is directed toward a user authentication method for a communication network having a plurality 
of nodes. The method includes entering on a first node first user identification information; 
transmitting to an authentication agent on a second node communicating with the first node over 
a LAN link the first user identification information; relaying from the authentication agent to an 
authentication server the first user identification information; comparing on the authentication 
server the first user identification information with user identification information in a database 
of user identification information; and transmitting from the authentication server to the 
authentication agent, if the first user identification information matches user identification 
information in the database of user identification information, information notifying the 
authentication agent that a user on the first node has been authenticated whereupon the 
authentication agent authorizes transmission on the second node of packets in data flows 
involving the first node. 

Claim 128 is directed to a method in which first user identification information is 
transmitted from the first node to the authentication agent as part of a MAC-based authentication 
flow between an authentication client on the first node and the authentication agent. In this 
exemplary method, user identification information is directed between the authentication client 
and the authentication agent by a MAC layer service. This is distinguishable from authentication 
approaches that rely on network layer (e.g. IP) services to carry user identification information 
between an authentication client and an authentication agent, such as the alternative Telnet 
approach disclosed in the specification. The claimed method has the advantage, among others, 
over IP-based approaches of enabling network environments that require users to complete 
authentication before assigning IP addresses to the end systems they are using. 
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Claim 135 is directed to a method in which the authorization comprises authorizing an 
interface to the LAN link to allow packets in data flows. 

Claim 142 is directed to a method whereupon the authentication agent authorizes 
transmission on the second node of packets in data flows involving the first node and one or 
more nodes reachable by the first node via the second node and relays to the first node the 
notification information. 

Claim 151 is directed to a method in which the packets that are transmitted pursuant to 
the authorization bypass the authentication agent. In this exemplary method, the packets in data 
flows involving the first node that are transmitted pursuant to the authentication agent's 
authorization are transmitted without resort to the authentication agent. This method is 
distinguishable from authentication approaches in which an authentication agent plays a role 
beyond authenticator, such as by supporting remote control of its node by an authenticated user, 
or by making forwarding/filtering decisions on packets in data flows involving an authenticated 
user's end system. 

Claim 152 is directed toward a method in which the authentication server transmits to the 
authentication agent information identifying a VLAN for which the user has been authenticated 
whereupon the authentication agent authorizes transmission on the second node of packets in 
data flows that involve the first node and are within the VLAN. 

Based on the foregoing, applicants respectfully request entry of the present amendment 
and consideration, examination and allowance of claims 128-160 of this application. 
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